EMC China Lab

EN 18031 Testing Services

Views :
Update time : 2025-02-24

The mandatory implementation date for the EU Radio Equipment Directive (RED) cybersecurity requirements under en 18031 is August 1, 2025. Although it has not yet been officially listed as a harmonized standard in the EU Official Journal (OJ), manufacturers are advised to prepare for compliance in advance.

 

Below is a comprehensive overview of the testing content for the EN 18031 series of standards, in line with the cybersecurity requirements of the EU Radio Equipment Directive (RED):

 

EN 18031 Testing Services(图1)


Standard Background and Scope

The EN 18031 series of standards was developed by the EU to implement the cybersecurity requirements under Article 3(3)(d), (e), and (f) of the RED Directive (2014/53/EU), specifically focused on securing networked radio equipment. This standard is divided into three parts, each addressing asset protection in different domains:

 

- EN 18031-1: Corresponding to Article 3(3)(d), focusing on cybersecurity assets (e.g., network infrastructure, communication protocols).

 

- EN 18031-2: Corresponding to Article 3(3)(e), focusing on privacy assets (e.g., personal identification information, health data).

 

- EN 18031-3: Corresponding to Article 3(3)(f), dedicated to the protection of financial assets (e.g., devices supporting cryptocurrency transactions or funds transfer).

 

Core Testing Content

1. General Security Mechanisms (Applicable to EN 18031-1/2/3):

 - Access Control Mechanism (ACM): Verifying the device’s ability to manage user permissions, preventing unauthorized operations.

 - Authentication Mechanism (AUM): Testing the reliability and anti-breach capabilities of multi-factor authentication (e.g., biometrics, dynamic passwords).

 - Secure Communication (SCM): Checking the encryption protocols for data transmission (e.g., TLS 1.3) and the ability to defend against man-in-the-middle attacks.

 - Secure Storage Mechanism (SSM): Evaluating encryption storage solutions for sensitive data (e.g., keys, transaction records), ensuring compliance with standards such as AES-256.

 - Secure Updates Mechanism (SUM): Verifying the integrity of firmware/software updates and anti-tampering mechanisms (e.g., digital signature verification).

 

2. Itemized Testing Focus:

 - EN 18031-3 (Financial Asset Protection):

 - Anti-fraud Functions: Testing the device's ability to identify and block abnormal transactions (e.g., phishing attacks, duplicate payments).

 - Key Management: Ensuring that pre-installed or generated encryption keys are ≥112 bits in length and verifying the security of the key lifecycle (generation, storage, destruction).

 - Log Mechanism (LGM): Ensuring the integrity, anti-tampering, and traceability of transaction logs.

 

 - EN 18031-2 (Privacy Protection):

 - Data Anonymization: Verifying the anonymization processes for personal privacy information (e.g., geolocation, payment records).

 - Compliance Auditing: Checking adherence to privacy regulations such as GDPR, ensuring data minimization principles.

 

 - EN 18031-1 (Cybersecurity):

 - Vulnerability Protection: Assessing the device’s attack resistance through penetration testing (e.g., SQL injection, DDoS attack simulation).

 - Network Segmentation: Verifying the device’s network segmentation and isolation mechanisms under abnormal traffic conditions.

 

Testing Process and Requirements

1. Document Preparation:

 - Submit an asset identification table that classifies security, network, privacy, and financial assets.

 - Provide technical documentation (design specifications, communication interface matrix, security policies).

 

2. Prototype Requirements:

 - Provide 4-6 prototypes (including 2-3 debug prototypes) with open debug interfaces (e.g., root access) to support in-depth testing.

 

3. Testing Timeline:

 - Documentation Submission: 4-12 weeks.

 - Functionality Testing: 8-12 weeks (including concept evaluation, functional verification, and fuzz testing).

 

Compliance Recommendations

- Plan Ahead: Due to the lengthy testing process, it is recommended to initiate the certification process at least 6 months before the mandatory implementation deadline.

- Collaborate with Certified Laboratories: Choose a third-party laboratory qualified under the RED directive for pre-testing to optimize design flaws.

- Ongoing Maintenance: Regularly update security patches and maintain records of updates to ensure compliance throughout the device's lifecycle.


Email:hello@jjrlab.com


Leave Your Message


Write your message here and send it to us


Related News
Read More >>
Amazon UL Standard Test Report Amazon UL Standard Test Report
04 .26.2025
China JJR Lab provides UL testing for Amazon listings, ensuring ISO 17025 compliance for powered pro...
When Can FCC ID Modifications Be Filed? When Can FCC ID Modifications Be Filed?
04 .26.2025
FCC ID modification includes Class I, II, III, and Change ID. JJR Lab China provides reliable, effic...
LoRa Certification Testing Laboratory LoRa Certification Testing Laboratory
04 .26.2025
LoRa Certification Testing by China JJR Lab: We offer full testing for LoRa modules and gateways acr...
Blood Pressure Monitor Certification Testing Servi Blood Pressure Monitor Certification Testing Servi
04 .26.2025
Blood pressure monitor testing per global and China standards, including EMC, safety, performance, a...
ECG Device Certification Testing ECG Device Certification Testing
04 .26.2025
ECG device certification testing, including EMC, safety, performance, biocompatibility, and steriliz...
Pulse Oximeter Certification and Testing Standards Pulse Oximeter Certification and Testing Standards
04 .26.2025
Pulse oximeters measure SpO₂ using light technology. JJR Laboratory in China provides certification ...
IVD Medical Device GB 4793:2024 Test Report IVD Medical Device GB 4793:2024 Test Report
04 .26.2025
GB 4793:2024 IVD safety testing now mandatory—JJR Laboratory China offers certified testing services...
IECEE CBTL Testing Laboratory for IVD Medical Devi IECEE CBTL Testing Laboratory for IVD Medical Devi
04 .26.2025
China JJR Laboratory, accredited by IECEE CBTL, offers testing for MED & IVD equipment, providin...

Leave Your Message